Tom Alexander
0fb53a4294
Add preparations for the new location for secureboot keys. 2025-01-12 21:17:47 -05:00
Tom Alexander
4019e6d132
Fix buildkit access to SSH agent. 2025-01-12 21:17:47 -05:00
2 changed files with 26 additions and 15 deletions


@ -75,11 +75,15 @@
boot.lanzaboote = { boot.lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
# TODO:
# pkiBundle = "/var/lib/sbctl";
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/etc/secureboot" # Secure Boot Keys "/etc/secureboot" # Old Secure Boot Keys location
# TODO: run `doas sbctl setup --migrate` to move keys
"/var/lib/sbctl" # Secure Boot Keys
]; ];
}; };
}) })
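Review bot: The new `"/var/lib/sbctl"` persistence entry is a bare string, so the directory that will hold the Secure Boot signing keys is created by the persistence module with its default owner/mode rather than root-only permissions, presumably before `sbctl setup --migrate` has populated it. Since this directory holds private keys, it would be safer to declare it as `{ directory = "/var/lib/sbctl"; user = "root"; group = "root"; mode = "0700"; }` (the file further down in this diff already uses that attribute-set form for another entry), and the same tightening applies to the retained `"/etc/secureboot"` entry. The `pkiBundle` TODO is noted in the hunk; I would add to its comment that `pkiBundle` must be switched only after the migration has been verified, because lanzaboote will otherwise keep signing from the old path while the persisted new path stays empty. The `boot.lanzaboote` and `environment.persistence` blocks begin before the hunk.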


@ -9,10 +9,15 @@
imports = [ ]; imports = [ ];
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
virtualisation.docker.rootless = { # Use docker activation
enable = true; virtualisation.docker.enableOnBoot = false;
setSocketVariable = true; # Rootless docker breaks access to ssh for buildkit.
}; # virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
docker-buildx docker-buildx
]; ];
@ -27,16 +32,18 @@
mode = "0740"; mode = "0740";
} }
]; ];
users.talexander = { # users.talexander = {
directories = [ # directories = [
{ # {
directory = ".local/share/docker"; # directory = ".local/share/docker";
user = "talexander"; # user = "talexander";
group = "talexander"; # group = "talexander";
mode = "0740"; # mode = "0740";
} # }
]; # ];
}; # };
}; };
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
} }
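Review bot: The new `users.users.talexander.extraGroups = [ "docker" ];` line at the end of the second hunk grants that account effective root on the host, because anyone who can talk to the rootful daemon socket can mount `/` into a privileged container; the comment `# Needed for non-rootless docker` does not convey that trade-off, and I would change it to `# Needed for non-rootless docker: membership in "docker" is root-equivalent on this host.`. With `enableOnBoot = false` and the daemon now running as root, the ssh client added via `virtualisation.docker.extraPackages = [ pkgs.openssh ];` will run as root inside the daemon for BuildKit git fetches, so host-key verification for those fetches depends on root's known_hosts rather than the user's — presumably empty on a fresh or impermanent root home, which is worth confirming and documenting next to that line. The commented-out `rootless` and `.local/share/docker` blocks could be dropped outright rather than kept as dead config, since the reason for the switch is already stated in the comment. The `};` on the second hunk's last lines closes a block that starts outside the hunk.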